Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Some files in TEMP:
====================
C:\Users\Candra\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Error: (09/17/2015 11:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Error: (09/17/2015 09:12:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Error: (09/17/2015 06:21:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

System errors:
=============
Error: (09/16/2015 10:43:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

Error: (09/16/2015 05:27:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.

Advertisements

Bruce1270

Posted 21 September 2015 - 02:38 PM

Bruce1270

Trusted Helper

Malware Removal

1,603 posts

Hello mscreneet and

Sorry for the delay in getting to you.

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.

Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.

Please follow all instructions in the order given.

Please do not install any other software unless advised. This may hinder the removal process.

At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:

Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)

Enter control panel in the search box, then tap or click Control Panel.

Under View by:, select Large Icons, then tap or click Programs and features.

Tap or click the program, then tap or click Uninstall.

Follow the instructions on screen.

Repeat the above steps for all the other programs to remove.

Step2 - FRST fix

I noticed that you run FRST64.exe from C:\Users\Candra\AppData\Local\Microsoft\Windows\INetCache\IE\MWQ8VQ5X folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.